CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1352
https://notcve.org/view.php?id=CVE-2016-1352
14 Apr 2016 — Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. Cisco Unified Computing System (UCS) Central Software 1.3(1b) y versiones anteriores permite a atacantes remotos ejecutar comandos del SO arbitrarios a través de una petición HTTP manipulada, también conocida como Bug ID CSCuv33856. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 12%CPEs: 65EXPL: 0CVE-2015-0718
https://notcve.org/view.php?id=CVE-2015-0718
03 Mar 2016 — Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. Cisco NX-OS 4.0 hasta la versión 6.1 en dispositivos Nexus 1000V 3000, 4000, 5000, 6000 y 7000 y plataformas Unified Computing System (UCS) permite a atancantes remotos causar una denegación de servicio (recarga... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 8%CPEs: 86EXPL: 2CVE-2015-6435 – Cisco UCS Manager 2.2(1d) Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-6435
22 Jan 2016 — An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. Una secuencia de comandos CGI no especificada en Cisco FX-OS en versiones anteriores a 1.1.2 en dispositivos Firepower 9000 y Cisco Unified Computing System (UCS) Manager en versiones anteriores a 2.2(4b), 2.2(... • https://packetstorm.news/files/id/160991 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6415
https://notcve.org/view.php?id=CVE-2015-6415
12 Dec 2015 — Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757. Cisco Unified Computing System (UCS) 2.2(3f)A en dispositivos Fabric Interconnect 6200 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU o interrupción de dispositivo) a través de una inundación SYN en el puerto SSH durante el pr... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-ucs • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6387
https://notcve.org/view.php?id=CVE-2015-6387
05 Dec 2015 — Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573. Vulnerabilidad de XSS en Cisco Unified Computing System (UCS) Central Software 1.3 (0.1) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor manipulado en una URL, también conocida como Bug ID CSCux33573. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6388
https://notcve.org/view.php?id=CVE-2015-6388
05 Dec 2015 — Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. Cisco Unified Computing System (UCS) Central software 1.3 (0.1) permite a atacantes remotos llevar a cabo ataques Server-Side Request Forgery (SSRF) a través de una petición manipulada, también conocida como Bug ID CSCux33575. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs1 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6355
https://notcve.org/view.php?id=CVE-2015-6355
04 Nov 2015 — The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226. La interfaz web en Cisco Unified Computing System (UCS) 2.2(5b)A en servidores blade permite a atacantes remotos obtener información potencialmente sensible sobre la versión al visitar una URL no especificada, también conocido como Bug ID CSCuw87226. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151102-ucs • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.4EPSS: 1%CPEs: 11EXPL: 0CVE-2015-6259
https://notcve.org/view.php?id=CVE-2015-6259
04 Sep 2015 — The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. Vulnerabilidad en el componente JavaServer Pages (JSP) en Cisco Integrated Management Controller (IMC) Supervisor en versiones anteriores a 1.0.0.1 y UCS Director (anteriormente Cloupia Unified Infr... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4286
https://notcve.org/view.php?id=CVE-2015-4286
29 Jul 2015 — The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. Vulnerabilidad en el framework web en Cisco UCS Central Software 1.3(0.99), permite a atacantes remotos leer archivos arbitrarios a través de una petición HTTP manipulada, también conocida como Cisco UCS Central Software 1.3(0.99) • http://tools.cisco.com/security/center/viewAlert.x?alertId=40151 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4279
https://notcve.org/view.php?id=CVE-2015-4279
20 Jul 2015 — The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. Vulnerabilidad en el componente Manager en Cisco Unified Computing System (UCS) 2.2 (3b) sobre los dispositivos B Blade Server permite a usuarios locales obtener privilegios para ejecutar comandos arbitrarios en la CLI mediante el aprovechamiento de acceso ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39990 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •